Skip to main content

Limrad Nac

2 CVEs product

Monthly

CVE-2026-6371 MEDIUM This Month

Stored cross-site scripting in Limatek System Inc.'s LimRAD NAC through version 08072026 allows an adjacent-network, low-privileged attacker to inject persistent malicious scripts that execute in victims' browsers when affected pages are loaded. The CVSS scope change (S:C) confirms that injected script execution crosses into the victim's browser security context, enabling potential session hijacking or credential theft targeting higher-privileged users such as administrators. No public exploit code has been identified and the vulnerability is not listed in CISA KEV; however, the vendor did not respond to TR-CERT's disclosure, leaving no patch available and remediation options limited to compensating controls.

XSS Limrad Nac
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2026-7852 CRITICAL PATCH Act Now

Remote code execution in Limatek System Inc. LimRAD NAC versions prior to 5.5.7.3.9 allows unauthenticated remote attackers to upload dangerous file types and achieve Remote Code Inclusion. The CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) rating reflects an internet-reachable, no-interaction exploitation path against a network access control appliance, though no public exploit identified at time of analysis. The vulnerability was disclosed by TR-CERT and tracked in Turkish national vulnerability advisory TR-26-0366.

File Upload Limrad Nac
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
EPSS 0% CVSS 4.8
MEDIUM This Month

Stored cross-site scripting in Limatek System Inc.'s LimRAD NAC through version 08072026 allows an adjacent-network, low-privileged attacker to inject persistent malicious scripts that execute in victims' browsers when affected pages are loaded. The CVSS scope change (S:C) confirms that injected script execution crosses into the victim's browser security context, enabling potential session hijacking or credential theft targeting higher-privileged users such as administrators. No public exploit code has been identified and the vulnerability is not listed in CISA KEV; however, the vendor did not respond to TR-CERT's disclosure, leaving no patch available and remediation options limited to compensating controls.

XSS Limrad Nac
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in Limatek System Inc. LimRAD NAC versions prior to 5.5.7.3.9 allows unauthenticated remote attackers to upload dangerous file types and achieve Remote Code Inclusion. The CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) rating reflects an internet-reachable, no-interaction exploitation path against a network access control appliance, though no public exploit identified at time of analysis. The vulnerability was disclosed by TR-CERT and tracked in Turkish national vulnerability advisory TR-26-0366.

File Upload Limrad Nac
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy